CRISC Certified in Risk and Information Systems Control – Question698

An external security audit has reported multiple findings related to control noncompliance. Which of the following would be MOST important for the risk practitioner to communicate to senior management?

A.
Plans for mitigating the associated risk
B. Suggestions for improving risk awareness training
C. A recommendation for internal audit validation
D. The impact to the organization’s risk profile

Correct Answer: C